Patentable/Patents/US-11956266
US-11956266

Context based risk assessment of a computing resource vulnerability

PublishedApril 9, 2024
Assigneenot available in USPTO data we have
Inventorsnot available in USPTO data we have
Technical Abstract

According to an embodiment, a computer-implemented method can comprise: inspecting, using a processor, a set of container images respectively associated with pods; identifying, using the processor, a first subset of the pods that contain a vulnerability; classifying, using the processor, the first subset of the pods as primary-infected pods; generating, using the processor, a first list of namespaces in which the primary-infected pods are deployed within a network; checking, using the processor, network policies in connection with the first list of namespaces to determine secondary-suspect pods that have ability to communicate with the primary-infected pods; generating, using the processor, a list of secondary-suspect namespaces in which the secondary-suspect pods are deployed within the network; identifying, using the processor, one or more secondary-suspect pods that communicated with one or more primary-infected pods; and generating, using the processor, a list of secondary-infected pods.

Patent Claims
15 claims

Legal claims defining the scope of protection, as filed with the USPTO.

2

2. The system of claim 1, wherein the risk component determines the contextual risk score further based on checking a specification and privileges associated with the primary-infected pods and the secondary-infected pods to generate a list of suspect machines, primary-infected machines, and secondary-infected machines and to determine an ability of the primary-infected pods and the secondary-infected pods to morph a configuration of the network.

3

3. The system of claim 1, wherein the risk component determines the contextual risk score further based on determining respective total resource capacities that the container images in the primary-infected pods and the secondary-infected pods have ability to consume to generate a total-capacity-at-risk measure.

4

4. The system of claim 1, wherein the risk component determines the abilities of the container images to change the first subset of the security measures based on determining respective permissions associated with the container images.

5

5. The system of claim 3, wherein the total-capacity-at-risk measure is further based on bounded capacity of at least one of: respective processors, respective memory, or respective disks associated with the primary-infected pods and the secondary-infected pods.

6

6. The system of claim 1, wherein the risk component dynamically generates a second contextual risk score and a second absolute risk score associated with the primary-infected pods and the secondary-infected pods based on one or more changes to at least one of the primary-infected pods and the secondary-infected pods.

7

7. The system of claim 1, wherein the risk component employs a trained model to dynamically generate the contextual risk score and the absolute risk score associated with the primary-infected pods and the secondary-infected pods.

10

10. The method of claim 8, further comprising determining, using the processor, the contextual risk score further based on determining respective total resource capacities that the container images in the primary-infected pods and the secondary-infected pods have ability to consume, and generating a total-capacity-at-risk measure based on the respective total resource capacities the container images in the primary-infected pods and the secondary-infected pods have ability to consume.

11

11. The method of claim 8, further comprising determining, using the processor, the abilities of the container images to change the first subset of the security measures based on determining respective permissions associated with the the container images.

12

12. The method of claim 10, wherein the total-capacity-at-risk measure is further based on bounded capacity of at least one of: respective processors, respective memory, or respective disks associated with the primary-infected pods and the secondary-infected pods.

13

13. The method of claim 8, further comprising generating, using the processor, a second contextual risk score and a second absolute risk score associated with the primary-infected pods and the secondary-infected pods based on one or more changes to at least one of the primary-infected pods and the secondary-infected pods.

16

16. The computer program product of claim 14, the program instructions further executable by the processor to cause the processor to determine the contextual risk score further based on determining respective total resource capacities that the container images in the primary-infected pods and the secondary-infected pods have ability to consume, and generating a total-capacity-at-risk measure based on the respective total resource capacities the container images in the primary-infected pods and the secondary-infected pods have ability to consume.

17

17. The computer program product of claim 14, the program instructions further executable by the processor to cause the processor to determine the abilities of the container images to change the first subset of the security measures based on determining respective permissions associated with the container images.

18

18. The computer program product of claim 14, the program instructions further executable by the processor to cause the processor to generate a second contextual risk score and a second absolute risk score associated with the primary-infected pods and the secondary-infected pods based on one or more changes to at least one of the primary-infected pods and the secondary-infected pods.

19

19. The computer program product of claim 16, wherein the total-capacity-at-risk measure is further based on bounded capacity of at least one of: respective processors, respective memory, or respective disks associated with the primary-infected pods and the secondary-infected pods.

20

20. The computer program product of claim 14, wherein the contextual risk score and the absolute risk score are generated using a trained machine learning model.

Classification Codes (CPC)

Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.

Patent Metadata

Filing Date

October 23, 2020

Publication Date

April 9, 2024

Want to explore more patents?

Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Context based risk assessment of a computing resource vulnerability” (US-11956266). https://patentable.app/patents/US-11956266

© 2026 Patentable. All rights reserved.

Patentable is a research and drafting-assistant tool, not a law firm, and does not provide legal advice. Documents we generate are drafts for review by a licensed patent attorney.